Jolokia Vulnerabilities – RCE & XSS
April 18, 2018 | Olga Barinova
CVE-2018-1000130, CVE-2018-1000129: Remote Code Execution via JNDI injection ...
Post-Soviet Bank Heists: A Hybrid Cybercrime Study
October 09, 2017
Today we are publishing a SpiderLabs Advanced Threat Report that details a ...
Linux Based Inter-Process Code Injection Without Ptrace(2)
September 05, 2017 | Rory McNamara
This article shows a technique to inject code into a Linux process without ...
A Backdoor in Skype for Mac OS X
December 12, 2016 | SpiderLabs Pen Testing LAC
Trustwave recently reported a locally exploitable issue in the Skype Desktop ...
Exploiting Padding Oracle To Gain Encryption Keys
October 26, 2015 | Georg Chalupar
Practical tricks on exploiting a padding oracle vulnerability.
WebLogic SSRF And XSS (CVE-2014-4241, CVE-2014-4210, CVE-2014-4242)
March 30, 2015 | Toby Clarke
CVE-2014-4241, CVE-2014-4210, and CVE-2014-4242: Server-Side Request Forgery ...
Exploiting Integer Based SQL Injection In Nested SQL Queries
October 08, 2013 | Sasha Zivojinovic
SQL injection involving nested queries and arithmetic evaluation.
An Analysis Of CVE-2017-5638
March 27, 2013 | Eric Rafaloff
A detailed analysis of the Apache Struts server-side template injection ...